Beware of Destructive Android Trojan

Thursday, October 9, 2014 @ 01:10 PM gHale


Destructive Android malware is now posing as a legitimate app or game located on online app stores.

This new Android Trojan falls into the category Dr. Web researchers call “vandal programs.” Detected as Android.Elite.1.origin, the Trojan impersonates a game that combines Rovio’s popular Angry Birds and Hasbro’s Transformers franchises and is due for release later this month.


The malware creators use graphic elements from the game’s official site to make the app seem legitimate.

Once the fake app launches, it asks the user to grant it access to the device’s administrative features, supposedly so it can work as it should. In reality, it will destroy or disrupt the following: it formats the device’s SD card, deleting all content on it, and it blocks access to the WhatsApp Messenger, Facebook, Hangouts and standard Android SMS applications by showing a graphic containing the Android logo equipped with a Guy Fawkes mask and a gun, along with the message “Obey or Be Hacked.”

“To further hamper the usage of mobile communication tools, the malware hides all notifications about new incoming SMS. At the same time, received messages are saved in the Inbox folder which is actually unavailable because access to the messenger is blocked,” the researchers said in a blog post.

Finally, an SMS message saying “Elite has hacked you. Obey or be hacked” is sent to every contact in the device’s address book and every valid phone number from which an SMS is received.

These messages go out repeatedly to all these numbers every five seconds, so the mobile account associated with the compromised device can end up depleted in minutes or even seconds, the researchers said.

The researchers got the malware sample from a public online service. It is possible the app could end up available for download on third-party online app stores, but it could also propagate via spam messages.

When it comes to apps, the same message always holds true: Use reputable stores, check whether the publisher of the app is the correct one, be critical of the permissions the app asks for, and be especially careful when downloading widely popular apps, as their reputation and popularity often end up misused by malware developers.
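The permission check recommended above can be automated during app vetting. The following Python is an added example, not code from Dr. Web or from the original article: it flags a manifest that combines a device administrator component with SMS capabilities, which a game has no reason to request together. It assumes the APK's AndroidManifest.xml has already been decoded to text XML; the mapping from the reported behaviour to permissions is inferred rather than taken from the sample, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PERM = "android.permission."

# Behaviour reported in the article -> permissions it would require (assumed mapping).
BEHAVIOUR_PERMS = {
    "send SMS to every contact": {PERM + "SEND_SMS", PERM + "READ_CONTACTS"},
    "see incoming SMS": {PERM + "RECEIVE_SMS"},
}

def audit_manifest(xml_text):
    """Return the risky capabilities declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # A device administrator is declared as a receiver guarded by BIND_DEVICE_ADMIN.
    admin = any(r.get(ANDROID + "permission") == PERM + "BIND_DEVICE_ADMIN"
                for r in root.iter("receiver"))
    behaviours = sorted(name for name, needed in BEHAVIOUR_PERMS.items()
                        if needed <= requested)
    # Device admin plus SMS access is the combination worth a manual review.
    verdict = "suspicious" if admin and behaviours else "ok"
    return {"device_admin": admin, "behaviours": behaviours, "verdict": verdict}

# Constructed sample: a "game" declaring the capability mix described above.
FAKE_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakegame">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Constructed sample: a game that only needs network access.
PLAIN_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plaingame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, manifest in (("fake game", FAKE_GAME), ("plain game", PLAIN_GAME)):
        print(name, audit_manifest(manifest))
```

A "suspicious" verdict is a prompt for manual review of the app and its publisher, not proof of malice.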


